Hi Bill > Easy fix: do not use wildcards in IPv4 listings.
I agree, for the purpose of a 'listed yes/no' blacklist this is the way to go. > Both rbldnsd and BIND have other mechanisms for compactly generating > records that cover an IPv4 /24 network without also generating records > for all of an IPv6 /24 network. I would expect and hope that any other > authoritative nameserver would have similar mechanisms. How about reputation databases which might cover the whole ipv4 range and use more or less specific ranges with different reputation wights? You would need quite a big DNS server to cover all 4G of ipv4 space. And what about operators of blacklists which do use wildcards, because they are not aware that spamassassin will also look up ipv6 addresses against them and potentially cause false hits? So having a way to tell spamassassin to restrict lookups on certain blacklist with ip addresses from only one protocol version only could still be beneficial. Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
